Hello! I'm sure, many of professionals should be here, so, please, guys, take a look at this: http://gestcha.com - it's a hand gesture CAPTCHA prototype, that I finished recently (it works). Please, tell me, could it be useful or it's just a waste of time?

06-17-2014, 02:21 AM

junkpopat

My personal observations: Its new and looks cool. Code fixing might require in a production model for [a] while clicking anywhere on image, it links directly at that point, even though if there is no finger tip [b] there is no option to correct a mistake if wrong finger is linked [c] its not clear that exactly where to click on a finger tip, fixed marking via circled area might be easy to identify. Since its a five click verification, a bright clear image of fingers is an option to be considered instead of a dark image.

06-17-2014, 02:42 AM

drdialeruk

Looks great. its should be colorful.

06-17-2014, 03:23 AM

Author

Quote:

Originally Posted by junkpopat

My personal observations: Its new and looks cool. Code fixing might require in a production model for [a] while clicking anywhere on image, it links directly at that point, even though if there is no finger tip [b] there is no option to correct a mistake if wrong finger is linked [c] its not clear that exactly where to click on a finger tip, fixed marking via circled area might be easy to identify. Since its a five click verification, a bright clear image of fingers is an option to be considered instead of a dark image.

Thank you! a) yes - it makes the whole thing much more secure, b) - try touch the finger on the template. c) see a).

06-17-2014, 03:43 AM

deathshadow

All the information to decode it is client side as code, defeating the point of a captcha. WAY too easy to just slap aside... validation of values should be done server-side, since there is nothing stopping me from making a user.js that simply overrides your doneClicked method.

Your idea is interesting, but your implementation just won't work for doing what captcha's are for -- keeping out bots. It is in fact more likely to keep out humans.

It's also WAY too reliant on JS and CSS, meaning it has no graceful degradation.

06-17-2014, 04:37 AM

Author

Quote:

Originally Posted by deathshadow

All the information to decode it is client side as code, defeating the point of a captcha. WAY too easy to just slap aside... validation of values should be done server-side, since there is nothing stopping me from making a user.js that simply overrides your doneClicked method.

Your idea is interesting, but your implementation just won't work for doing what captcha's are for -- keeping out bots. It is in fact more likely to keep out humans.

It's also WAY too reliant on JS and CSS, meaning it has no graceful degradation.

Which if overridden would make it not disabled. You're an entirely client-side solution near as I can tell -- and that means it can be slapped aside as if it wasn't there with ease.

Unless you're sending all that server-side for validation somewhere I'm not seeing, in which case I'm wondering what all the scripting is for. You seem to have an ajax call for... no clue what... Wait, are you sending it in those hiddens? Not seeing where that's being assigned... though that's a MASSIVE amount of JS for something so simple. the mix of SVG with canvas with static images is... strange.

Generally speaking IF this is in fact sending it server-side for the actual check, then I'm wondering what more than half of your code is even for.

Though, have you considered trapping submit on an input[image] for the coordinates instead of all that extra stuff you have? take a look at the values returned when you click on a input type="image" -- it might be far simpler to trap that than all that other... stuff you have in there.

The tables for layout, HR when there's no topic change, and presence of the CENTER tag isn't inspiring confidence either... even if it is just a test page.

Really 16k of JS and about the same in SVG for a captcha is... not something I'd put on a website. Given the quality (or lack of therin) on the images and what the scripting is doing, I'd try to see if I could get that down to 8k or less TOTAL.

Which may mean swinging an axe at the SVG.

06-17-2014, 07:52 AM

Author

OMG! Have you seen the disclaimer on the second page? I'm NOT a web-designer/programmer! All the stuff you're critisizing is just a demonstration module of UI. My actual work is an image generator only. Images are 5KB gifs. Encryption works on server side (unique tickets, one-time-pad scheme).

06-17-2014, 07:55 AM

deathshadow

There's a second page? I thought it was a non-functional demo that just reloads the same page... since that seems to be all it does here.

-- edit -- Oh wow, it does all sorts of other stuff in Chrome... doesn't actually draw the lines between selections or go to the second page in FF or "real" Opera. (as opposed to the pathetic crippleware that is ChrOpera). Getting really sick of having to switch between browser engines like the worst of 1997 style Nyetscape vs. IE on things.

06-17-2014, 08:01 AM

Author

By the way, if you can help on reducing the size of UI I'll be much thankful. :) But SVG is important here - it's much more convenient way to solve it while maximized.